CVE-2026-45659
HIGH KEVMicrosoft SharePoint Remote Code Execution Vulnerability
Title source: cnaExploitation Summary
CVE-2026-45659 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added July 1, 2026. EIP tracks 6 public exploits from researchers including SecureWithUmer, amnsecurity, jenniferreire26.
AI-analyzed exploit summary The repository claims to provide an exploit for CVE-2026-45659, a SharePoint deserialization RCE, but instead of including functional code, it links to an external download (tinyurl) and uses vague marketing language without technical depth in the provided README.
Description
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
Exploits (6)
The repository claims to provide an exploit for CVE-2026-45659, a SharePoint deserialization RCE, but instead of including functional code, it links to an external download (tinyurl) and uses vague marketing language without technical depth in the provided README.
This repository contains a functional exploit for CVE-2026-45659, a deserialization vulnerability in Microsoft SharePoint Server (2019/2022/Subscription Edition) that allows authenticated low-privilege users (Site Member) to achieve remote code execution via unsafe deserialization in the SPListItem.Update() method using LosFormatter.Deserialize.
The repository lacks actual exploit code and instead directs users to an external download link (tinyurl.com), which is a common tactic for distributing malware or fake exploits. The README provides minimal technical details about the vulnerability.
The repository claims to provide an exploit for CVE-2026-45659, a deserialization vulnerability in Microsoft Office SharePoint, but lacks actual exploit code. Instead, it directs users to an external download link (tinyurl.com), which is a common tactic for distributing malware or fake exploits.
The repository claims to exploit a SharePoint deserialization RCE but lacks actual exploit code, instead redirecting to an external tinyurl link. The README provides technical details but no functional PoC.
The repository contains only placeholder files (README.md, LICENSE, .gitignore, cve-id-template.txt) with no actual exploit code or technical details about CVE-2026-45659. The README is a generic template with no specific information about the vulnerability.
References (2)
Scores
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H